Skip to content

Expose stable syscall interface via DeviceIoControl #3700

Closed
@lmb

Description

@lmb

Describe the feature you'd like supported

As I understand, the stable API boundary for this project is currently a (1) libbpf compatible API and a (2) bpf() compat layer built on top of (1). Both of these are implemented in a .dll which calls out to the kernel component via DeviceIoControl.

I maintain github.com/cilium/ebpf, which is a popular Go library for interacting with Linux's eBPF subsystem. It would be great if we could offer Windows support in some fashion as well. Early on we made the decision that the library can not rely on CGo: software that relies on it is notoriously hard to build / package. CGo also has a noticeable performance impact, although this has gotten better over time. This means that on Linux we do not call into libbpf, and instead directly perform bpf syscalls. This works because the syscall interface on Linux is considered a stable API which mustn't be broken.

To be able to add Windows support under the same constraints we need to be able to perform direct syscalls on Windows, which in turn would require the project to commit to keeping the kernel to user space API stable. Therefore I proposed to make DeviceIoControl calls a stable / supported API to interact with eBPF on Windows.

Proposed solution

  • Document that invocation via DeviceIoControl is considered a stable API.
  • Publish a machine readable description of the API as part of the eBPF for Windows repository. This allows us to automatically generate Go syscall bindings, as we do on Linux (currently using BTF). This could be JSON or maybe C header files (needs some experimentation).

Additional context

No response

Metadata

Metadata

Assignees

Labels

P2enhancementNew feature or requesttriagedDiscussed in a triage meeting

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions